Closed
Description
Expected Behavior
No CVEs
Current Behavior
Update Semver to patch CVE
pnpm audit
┌─────────────────────┬────────────────────────────────────────────────────────┐
│ moderate            │ semver vulnerable to Regular Expression Denial of      │
│                     │ Service                                                │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Package             │ semver                                                 │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Vulnerable versions │ <7.5.2                                                 │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Patched versions    │ >=7.5.2                                                │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Paths               │ . > @commitlint/cli@17.6.5 > @commitlint/lint@17.6.5 > │
│                     │ @commitlint/is-ignored@17.6.5 > semver@7.5.0           │
│                     │                                                        │
│                     │ . > commitlint@17.6.5 > @commitlint/cli@17.6.5 >       │
│                     │ @commitlint/lint@17.6.5 >                              │
│                     │ @commitlint/is-ignored@17.6.5 > semver@7.5.0           │
│                     │                                                        │
│                     │ . > @commitlint/cli@17.6.5 > @commitlint/lint@17.6.5 > │
│                     │ @commitlint/parse@17.6.5 >                             │
│                     │ conventional-commits-parser@3.2.4 > meow@8.1.2 >       │
│                     │ read-pkg-up@7.0.1 > read-pkg@5.2.0 >                   │
│                     │ normalize-package-data@2.5.0 > semver@5.7.1            │
│                     │                                                        │
│                     │ ... Found 6 paths, run `pnpm why semver` for more      │
│                     │ information                                            │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ More info           │ https://github.com/advisories/GHSA-c2qf-rxjj-qqgw      │
└─────────────────────┴────────────────────────────────────────────────────────┘
2 vulnerabilities found
Severity: 2 moderate
Affected packages
- cli
- core
- prompt
- config-angular
Possible Solution
N/A
Steps to Reproduce
N/A
Context
N/A
commitlint --version: @commitlint/cli@17.6.5
git --version: 2.34.1
node --version: v18.16.0